Integrate certificate lifecycle management in your DevOps workflow


Automating the lifecycle management of certificates with an Ansible collection can significantly improve the efficiency and security of an organization’s certificate infrastructure. Forget about the time consuming and error-prone process of manually renewing certificates, causing business-critical systems to go down.

With Horizon’s Ansible Collection, you can easily and efficiently manage all of your certificates from a single, centralized location. Our collection provides a range of powerful features that make it easy to automate common certificate tasks, such as renewal and distribution, while integrating perfectly in your existing workflows.


Automating the lifecycle management of certificates with Infrastructure as Code (IaC) using Terraform can be beneficial for your organization in many ways : by reducing the risk of human error and allowing easy collaboration between members, or taking full power of the versioning features provided by tools such as Git.

Furthermore, automating certificate management with IaC can help ensure consistency across an organization’s infrastructure. This eliminates the risk of configuration drift and makes it easier to troubleshoot issues. We strongly believe that every organization should have access to such tools : we developed Terraform providers to make the migration to IaC technologies a breeze.

With the help of EverTrust products, we managed to seamlessly integrate certificate management and deployment into our DevOps workflow.



Kubernetes (Issuer)

The Horizon Issuer relies on Horizon, our complete Lifecycle Management platform, to generate certificates in your Kubernetes or Openshift clusters. Deeply integrated in the Kubernetes ecosystem, it takes full advantage of features offered by cert-manager such as Ingress certificate generation, mTLS between pods, or even securing an Istio service mesh.

It eliminates the need to use the ACME protocol, allowing stricter firewall rules and a better overall security in your cluster. Backed by Horizon, it is PKI agnostic and can easily manage multiple enrollments in the same cluster (could be your private PKI and a public CA).
Plus, we also offer cheap certificates for DevOps purposes through our certificate authority, Stream, while retaining control over your own keys.

Client Automation

Certificates can be found in a variety of places, including web and application servers, across multiple platforms and infrastructures. It may appear difficult to centralize them in order to effectively manage and maintain them.

The Horizon client, through its certificate discovery feature, can provide visibility into all of the certificates in use within the network. This allows for easier identification of expiring or compromised certificates, reducing the chances of a certificate expiring without your knowledge, as well as the ability to centrally manage certificate renewal and revocation.

The Horizon client also performs certificate grading to assess the compliance of each certificate with standards and best practices. You will then be able to identify any non-compliant certificate and to bring them into compliance by letting the client re-enroll and replace the certificate in a breeze, further enhancing the security of your network.